Problem setting up Nordvpn on asus RT-ac86u merlin [Noob]

[Robson]

Tried setting up Nordvpn on my roter using this guide https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm
It works for a while and then suddenly I lose internet.
If I set "connect to dns server automatically" to yes usually internet comes back but I lose my VPN.
Could someone take a look on my setting and let me know if anything is wrong from there?

Thanks

 

[Viktor Jaep]

Tried setting up Nordvpn on my roter using this guide https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm
It works for a while and then suddenly I lose internet.
If I set "connect to dns server automatically" to yes usually internet comes back but I lose my VPN.
Could someone take a look on my setting and let me know if anything is wrong from there?

Thanks

You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

vpnmon - [RELEASE] VPNMON-R2 v1.6 - A script that monitors the health of your VPN connection (New: SurfShark VPN Compatible + WAN Aware + YazFi Aware)

v1.6 - Now with even more SuperRandom(tm) goodness!! Updated May 23 2022 Executive Summary: VPNMON-R2 v1.6 (VPNMON-R2.SH) is an all-in-one script which compliments @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup, though this is not a requirement, and can function without...

www.snbforums.com

 

[ColinTaylor]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

 

[Robson]

You may want to change your "Connection Retry Attempts" from 15 to 0 (infinite). Perhaps it's giving up after 15 chances. Also, what do you have under your "custom configuration" settings? I've provided some screenshots of my setup under this thread:

vpnmon - [RELEASE] VPNMON-R2 v1.6 - A script that monitors the health of your VPN connection (New: SurfShark VPN Compatible + WAN Aware + YazFi Aware)

v1.6 - Now with even more SuperRandom(tm) goodness!! Updated May 23 2022 Executive Summary: VPNMON-R2 v1.6 (VPNMON-R2.SH) is an all-in-one script which compliments @JackYaz's VPNMGR program to maintain a NordVPN/PIA/WeVPN setup, though this is not a requirement, and can function without...

www.snbforums.com

Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log

 

[Robson]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

Thanks for your reply
I changed dns to cloudfare 1.1.1.1 and 1.0.0.1
going to give it a try

 

[Viktor Jaep]

Thanks I will try it! I´ll take a look at your thread first thing tomorrow. getting late here

this is my c.c :

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 3600

#log /tmp/vpn.log

Give this one a shot... it does seem to help with speed and stability:

remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

 

[Robson]

Give this one a shot... it does seem to help with speed and stability:

remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!

 

[Viktor Jaep]

I´ve been using your custom code for a couple of hours now. So far so good !
I´ll report back in a couple days and let you know how it went/goes.
Thanks for taking the time helping me out!

Absolutely... I think @ColinTaylor's suggestion was probably the fix, but every little tweak helps in the overall scheme of things.

 

[NB_8]

Don't use the NordVPN DNS servers on your WAN settings. Use your "normal" DNS server selection, e.g. your ISP's servers or something like 9.9.9.9.

Would you mind sharing your reasoning regarding this?

 

[Viktor Jaep]

Would you mind sharing your reasoning regarding this?

Many times, VPN providers' DNS servers are meant to be accessed only while connected through their VPN, and may not even be usable or visible to the general public. So if you reference them in your WAN connection, you're basically making a public connection to them without accessing them through an encrypted tunnel, and may not be usable... thus breaking your ability to resolve anything, and hobbling your ability to function across the WAN.

 

[ColinTaylor]

Would you mind sharing your reasoning regarding this?

In addition to @Viktor Jaep's post, the OP was using policy rules to redirect only one device through the VPN. The VPN provider instructions assume all devices are going through the VPN and the customer wants all these devices to use their DNS servers.